Are Critical Infrastructures Vulnerable to Cyberattacks?

This post is also available in: עברית (Hebrew)

Recent Russian cyber attacks against US targets have raised the concern of the US Department of Homeland Security (DHS).  A critical infrastructure may be a potential target. According to a DHS statement, these cyber operations, named Grizzly Steppe by the US government, included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, and theft of information from these organizations. This stolen information was later publicly released by third parties.

Spearphishing is the use of forged emails, texts, and other messages to manipulate users into opening malware or malicious software or clicking on malicious links.

In operations targeting other countries, including U.S. allies and partners, Russian intelligence services (RIS) have undertaken damaging or disruptive cyber-attacks, including on critical infrastructure—in some cases masquerading as third parties or hiding behind false online personas designed to cause the victim to misattribute the source of the attack, according to the DHS website.

In one operation, Russian cyber actors tricked recipients into changing their passwords through a fake website that was designed by the Russians cyber actors to appear legitimate. The actors then used those credentials—the username and password—to access the network as if they were legitimate users. They installed other malicious files, moved freely throughout the target network, gathered data and information, and exfiltrated it from the target network.

Russian cyber actors continue to conduct spearphishing campaigns, including one launched as recently as November 2016, just days after the U.S. election.

Cyberattacks that have paralyzed electric utilities in Ukraine have renewed concern that the U.S. power grid might be damaged by criminal cyber attacks.

Parts of the Ukrainian capital Kiev went dark recently, an event that has raised suspicion that Russia has figured out how to crash a power grid with a click.

A similar attack occurred a year ago when nearly a quarter of a million people lost power in the Ivano-Frankivsk region of Ukraine when it was targeted by a suspected Russian attack.  

The hackers sent emails with infected attachments to power company employees, stealing their login credentials and then taking control of the grid’s systems to cut the circuit breakers at nearly 60 substations.

According to cbsnews.com, the suspected motive for the attack is the war in eastern Ukraine, where Russian-backed separatists are fighting against Ukrainian government forces.

But hackers could launch a similar attack in the U.S. “We can’t just look at the Ukraine attack and go ‘oh we’re safe against that attack,’” said Rob Lee, a former cyberwarfare operations officer in the U.S. military. “If we have New York City or Washington D.C. go down for a day, two days, a week, what does life look like at that point?” he said.

He said that some U.S. electric utilities have weaker security than Ukraine, and the malicious software the hackers used has already been detected in the U.S.

“It’s very concerning that these same actors using similar capabilities and tradecraft are preparing and are getting access to these business networks, getting access to portions of the power grid,” he said.

In Ukraine, they restarted the power in just hours. But an attack in the U.S. could leave people without electricity for days, or even weeks, according to experts. Because, ironically, America’s advanced, automated grid would be much harder to fix.